cross-posted from: https://infosec.pub/post/14206569
Hi all,
First off: Can't switch to Linux, Windows is a work requirement. Please spare me.
With that out of the way, here's my problem:
For the past 2-3 days I've been seeing ads disguised as a minimized video player popup on my Windows 10 Login Screen.
Initially I thought I might have been watching something on YouTube and forgot to close the tab and it autoplayed in the background until reaching this stuff by chance; but that turned out not to be the case (I'm also using Firefox exclusively, which I thought wouldn't integrate with Windows, but I wasn't 100% sure on that end).
I tried to research this a bit, but the only similar case I found was in an old Reddit thread saying that some Windows update installed the LinkedIn App for them, which is not the case here.
Antivirus (Bitdefender) and Malwarebytes both give me a clean report.
So I did some more digging and right-clicked that thing with my firewall set to deny all to figure out where this is taking me, and surprise...
There's a total of 100 connection attempts from Windows Search to around 10 different IP addresses, all of which belong to Microsoft.
I have not installed any updates in the last 14 days, no new software, and have not changed any system settings.
What did change is that I am currently not in China, where I normally live, but am on a business trip to Malaysia, where a bunch of services that are blocked in China might be accessible, and are now splicing in those (somewhat disguised) ads.
Does this happen to anyone else, and if so, do you have an idea how to get rid of it?
Thanks a lot in advance!
Hi all,
As our community is still small and not overly active, I thought instead of trying to have a weekly or monthly chatter thread up as a sticky, we could try a perpetual one and see what happens.
So anything you feel doesn't warrant a post of its own, just put it here.
Cheers and take care!
Hi all,
Need to pick your brains for a bit regarding best practices for handling of account recovery issues while traveling.
Premise would be that my phone gets lost or stolen, and I may not have easy access to my laptop either, and being in a foreign country I couldn't easily get a copy of the original SIM to restore via OTP.
Consequently, I also don't really love the idea of using some password manager with a master password and no 2FA.
Under those circumstances, what would you consider the best way forward to ensure accessibility without crippling myself in the process?
The only thing I can come up with is a random subdomain on one of my domains, with random username and random password, where I store an encrypted container containing txt-files. Maybe even further obscured with a random cypher (all numbers / letters shifted x positions to the right or something).
But there's gotta be other use-cases out there, so I was wondering what you are using?
Ideally something that doesn't involve another person.
Thanks!
Hi all,
I've got a bit of a spam issue that isn't solved by either keyword or actual spam filter. The problem is that I'm in China and mass email marketing here is acceptable for some reason, so local spam filters don't catch the perps, and international ones are useless based on the language.
And since I'm in a customer/supplier facing role, quite a few genuine mails use the same keywords as the spammers, so that doesn't work to fix my problem.
However, the mails are usually sent to hundreds of people at once, all with their mail addresses in plain view in CC.
So I'd just like to set up a filter to send mails with >100 recipients or something like that straight to trash, but can't seem to find it in the Outlook rule settings.
Does anyone know of a useful workaround?
Thanks!
@viking
@infosec.pub
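The recipient-count heuristic from the spam post above, as an added example that is not part of the original thread. It assumes the mail is available as raw RFC 5322 text (for instance a saved .eml file or a message fetched over IMAP) rather than through Outlook's rule editor; the function names, threshold constant and sample message are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from email.utils import getaddresses

RECIPIENT_LIMIT = 100  # threshold taken from the post; adjust as needed


def visible_recipients(raw_message: str) -> set[str]:
    """Return the unique, lower-cased addresses exposed in To and Cc."""
    msg = message_from_string(raw_message, policy=default)
    values = []
    for name in ("To", "Cc"):
        # get_all handles repeated headers; the default policy unfolds
        # long header lines that were wrapped across several lines.
        values.extend(str(h) for h in msg.get_all(name, []))
    # getaddresses splits "Name <addr>, Name <addr>" lists correctly,
    # including commas that appear inside quoted display names.
    return {addr.lower() for _, addr in getaddresses(values) if "@" in addr}


def is_mass_mail(raw_message: str, limit: int = RECIPIENT_LIMIT) -> bool:
    """True when more than `limit` distinct recipients are in plain view."""
    return len(visible_recipients(raw_message)) > limit


def build_sample(n_cc: int) -> str:
    """Constructed sample message with n_cc folded Cc recipients."""
    cc = ",\n ".join(f"Buyer {i} <buyer{i}@example.com>" for i in range(n_cc))
    return (
        "From: sales@example.net\n"
        "To: me@example.org\n"
        f"Cc: {cc}\n"
        "Subject: constructed sample\n"
        "\n"
        "body\n"
    )


if __name__ == "__main__":
    for n in (5, 150):
        raw = build_sample(n)
        verdict = "trash" if is_mass_mail(raw) else "keep"
        print(n, "Cc recipients ->", verdict)
```

Addresses are de-duplicated case-insensitively, so a sender who lists the same contact in both To and Cc does not inflate the count.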